Name.com CORE API Overview
The Name.com CORE API lets you search, register, and manage domains, DNS records, WHOIS privacy, and more — all through a secure, RESTful interface.
CORE is the latest version of the Name.com API, built for resellers, and developers.
For legacy v4 integrations, view the v4 API documentation. For a summary of what’s new in CORE v1, see the Changelog
Base URLs
| Environment | Base URL | Purpose |
|---|---|---|
| Production | https://api.name.com | Manage live domains in your production account. |
| Sandbox (Testing) | https://api.dev.name.com | Test and simulate actions without affecting real domains. |
API Versioning
The Name.com API uses path-based versioning (e.g., core/v1/ in the endpoint URLs). Going forward, our API will be following semantic versioning on changes to the API. For details on updates, breaking changes, and deprecations, see the 📅 API Changelog.
- Current version: CORE v1, released May 2025
- Versioning model: Major version in the URL path (e.g., https://api.name.com/core/v1)
- Previous versions: v4 is still supported and will sunset at a predetermined time in 2026 with communication in advance.
For a detailed timeline of updates, breaking changes, deprecations, and upcoming features, see our Changelog.
Key Characteristics
- RESTful Endpoints: Standard HTTP methods (GET, POST, PUT, DELETE).
- Authentication: HTTP Basic Auth (username + API token). Sandbox requires a -test username and a sandbox token.
- Secure Access: HTTPS only (port 443).
- Structured Resources: APIs are organized around Domains, DNS Records, Transfers, URL Forwarding, Vanity Nameservers, and Webhook Notifications.
Environment Details
The Name.com API provides two fully separated environments for safe development and live operations:
Production Environment
- Base URL:
https://api.name.com - Manage real domains and billing.
- Use your Name.com username and production API token.
Sandbox (Development) Environment
- Base URL:
https://api.dev.name.com - Safe for testing — no real charges.
- Use your username with -test appended (e.g.,
reseller123-test) and your sandbox API token. - Preloaded testing credit available.
- Domains and orders do not sync with production.
- Contacts between production and Sandbox are periodicallly synced. This allows a domain registration to happen in the Sandbox environment without creating contacts in the test account.
- Domain availability and pricing may differ because sandbox uses registry test systems.
- There are also some TLDs that are not available in the Sandbox environment, because the registries do not offer test connections.
- The 'Try It' feature within this API documentation has limited access to our development environment only.
Important: Domains must be created in sandbox before using them. For example, GET /core/v1/domains/example.com will return "Not Found" unless you register it first in the sandbox environment.
Response Format
- API responses are returned in JSON format.
- Fields set to default values (empty strings, false, 0) are omitted to simplify payloads.
- On success (HTTP 200 OK), you receive a structured JSON response.
- On error (HTTP 4xx/5xx), you receive an error JSON such as:
{
"message": "Permission Denied",
"details": "Authentication Error - Account Has Two-Step Verification Enabled"
}Always check both the HTTP status code and the message/details fields to debug responses.
API Usage Guidelines
Path Parameters
Insert actual values where {} appears in endpoints.
Example:
GET /core/v1/domains/{domainName}/records
GET /core/v1/domains/example.org/records
HTTP Methods and Content-Type
Use the correct HTTP verb:
| Method | Action |
|---|---|
| GET | Retrieve a resource |
| POST | Create a new resource |
| PUT | Update an existing resource |
| DELETE | Delete a resource |
When sending JSON payloads (POST/PUT), always set the header: Content-Type: application/json
Pagination
- For list endpoints, use the
perPageandpagequery parameters. - The API provides Link headers for easy pagination:
Link: <https://api.name.com/core/v1/domains?page=2>; rel="next" - You can use these headers to automate paging through large lists of results.
Important Note on Colon (:) in Endpoint Paths
For the following endpoints:
- POST /core/v1/domains:checkAvailability
- POST /core/v1/domains:search
- POST /core/v1/domains:searchStream
Do not URL-encode the colon (:) in the request path.
Some HTTP clients or SDKs may automatically encode : to %3A (e.g., /v4/domains%3AcheckAvailability), which will cause the request to fail.
Always use the literal colon character : in the endpoint URL.
Rate Limits
- 20 requests per second
- 3,000 requests per hour
If you exceed the rate limit, the server responds with 429 Too Many Requests. Implement retry and backoff logic in your integration.
Common API Errors
| Error | Meaning | How to Fix |
|---|---|---|
| Not Found | Resource not found in environment. | Make sure the domain or record exists in the correct environment. |
| Permission Denied (2FA enabled) | 2FA-enabled accounts are not supported. | Disable Two-Factor Authentication on your account. |
| Invalid Argument (Bad IPv4) | Invalid or malformed input value. | Correct the input, such as providing a valid IPv4 address. |
| Permission Denied (Wrong env) | Mixing production/sandbox credentials. | Double-check that your API URL matches your credentials. |
| Unauthenticated | Authentication missing or invalid. | Fix your Basic Auth headers and verify no typos in URLs. |
| Permission Denied (Bad token) | Incorrect or revoked API token. | Regenerate a new API token and use it for your requests. |
Next Steps
You're ready to start building!
Build your integration by exploring the latest CORE API Resources!
Accessing the Legacy v4 API
We continue to maintain the v4 API documentation for existing integrations and legacy systems. While the current documentation focuses on the latest CORE API, you can still reference the full v4 guides if your systems depend on them.
Important Notes
- v4 remains supported for legacy users.
- All new integrations should use CORE v1.
- Only CORE v1+ will receive new features.
- Any v4 deprecation will be announced via the Changelog. All API access requires HTTPS and authentication with your Name.com credentials and API token.